From: Dag-Erling Smørgrav
To: grarpamp
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: HTTPS on freebsd.org, git, reproducible builds
Date: Fri, 18 Sep 2015 14:49:01 +0200
Message-ID: <86vbb7dhaa.fsf@nine.des.no>

grarpamp writes:
> Not to mention the irreproducible builds / pkgs / ISO's.

The base system build is 99% reproducible. ISOs should be reproducible as well, modulo timestamps.

Reproducible packages are extremely difficult to get right. Baptiste spent a lot of time and effort trying to get them to work before the official switch to pkgng. Many packages compile the build host's name and / or the current date and time into various binaries. Python stores the timestamp of the original .py file into the .pyc file and will attempt to recompile it if that timestamp does not match or the .py file's mtime is equal to or greater than the .pyc file's mtime. Emacs does similar shenanigans with .el and .elc files.

> These days these flaws are more than a bit ridiculous,

You seem to be implying that everybody else is doing it except us. This is not true. Debian and Fedora are or have been working on it but with no success to date.

> Can we get a wiki project page and some traction on this?

https://wiki.freebsd.org/ReproducibleBuilds
https://wiki.freebsd.org/PortsReproducibleBuilds

Are you volunteering?

DES
-- 
Dag-Erling Smørgrav - des@des.no
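
The .pyc timestamp issue mentioned in the message can be observed directly. The following is an added example, not part of the original message: it byte-compiles one constructed source file under two different mtimes and decodes the 16-byte .pyc header. It assumes Python 3.7 or later (the PEP 552 header layout and hash-based invalidation, both of which postdate this message); the file names and build times are constructed.

```python
import os
import py_compile
import tempfile

# Constructed sample module; any source text would do.
SOURCE = b"GREETING = 'hello'\n"


def pyc_header(path):
    """Decode the 16-byte .pyc header (layout per PEP 552, Python 3.7+)."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    flags = int.from_bytes(head[4:8], "little")
    if flags & 0x1:  # hash-based: bytes 8..16 hold a hash of the source
        return {"flags": flags, "source_hash": head[8:16]}
    # timestamp-based: source mtime and source size, 4 bytes each
    return {"flags": flags,
            "mtime": int.from_bytes(head[8:12], "little"),
            "size": int.from_bytes(head[12:16], "little")}


def compile_with_mtime(workdir, mtime, mode):
    """Write SOURCE, force its mtime, byte-compile it, return the header."""
    src = os.path.join(workdir, "sample.py")
    pyc = os.path.join(workdir, "sample.pyc")
    with open(src, "wb") as fh:
        fh.write(SOURCE)
    os.utime(src, (mtime, mtime))
    # Pass the mode explicitly: the default changes when SOURCE_DATE_EPOCH is set.
    py_compile.compile(src, cfile=pyc, doraise=True, invalidation_mode=mode)
    return pyc_header(pyc)


def demo():
    modes = py_compile.PycInvalidationMode
    build_times = (1_442_581_200, 1_442_667_600)  # constructed, one day apart
    with tempfile.TemporaryDirectory() as workdir:
        stamped = [compile_with_mtime(workdir, t, modes.TIMESTAMP)
                   for t in build_times]
        hashed = [compile_with_mtime(workdir, t, modes.CHECKED_HASH)
                  for t in build_times]
    return stamped, hashed


if __name__ == "__main__":
    stamped, hashed = demo()
    print("timestamp headers differ:", stamped[0] != stamped[1])
    print("hash headers identical:  ", hashed[0] == hashed[1])
```

Only the header is compared here; whether the marshalled code that follows it is byte-identical across builds is a separate question this example does not test.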